Creating and modifying identity providers

Tridion Docs provides the Tridion Docs Identity Provider as a sample identity provider that uses the OpenID Connect protocol and makes it easy to get started with Access Management. After installation, you can implement the identity provider of your choice to fit your organization's individual needs. Access Management supports as many IdPs as needed for each implementation of Tridion Docs.

Before you begin

If you will be configuring an IdP to use OpenID Connect, you must already have registered Access Management as an application in the provider's configuration website.

Work in Access Management requires that you be an authorized user. If you do not have access and require it, contact your System Administrator.

About this task

The following procedure summarizes the process of configuring an IdP for the various Tridion Docs applications. Refer to the related topics for details on performing the different steps.

Procedure

  1. Go to the website for Access Management.

    The Identity providers tab shows a list of existing IdPs. You can select an existing IdP for editing, or use the Add identity provider button to create a new one using the wizard.

  2. Define General settings. This information tells Access Management how to connect to an external IdP. Refer to the related topics to review the information that will be required and obtain the necessary values from the IdP administrator.
  3. Define Forwarded claims. These are claims that you want to be forwarded from the external identity provider (IdP). Whether you need to add claims in this section depends on how the integration between the IdP, Access Management and your applications is designed.
  4. Define Access settings. These settings define end user and API access for one or more applications. In simplest terms, the claims defined on the left represent what must be present in a token in order to grant access to the applications and roles selected on the right side.
    1. First, define a claim, which you can do in two basic ways:
      • Define a specific claim that gives access only to users (or to an API) who have some specific value present in their token. With this method, use the Type and Value fields to define type:value pairs, where the type is the name of the claim in the external IdP and the value is the value that the claim must have in order for Access Management to give the user access. Note that the format of the value depends on the IdP.
      • Define a general, or "global" claim, that gives the same access to all valid, authenticated users. Select the option to Make selected settings global. Any user who successfully logs in through the IdP will be able to access the selected applications.
    2. Next, select one or more applications from the Applications list. When the token contains the claims you defined in the previous step, the user or API will have general access to these applications.
    3. Lastly, select one or more roles that will be granted when the claims are present in the token. When the token contains the claims you defined in step a, the user or API will be assigned this role (or roles) in the application. Note that the available roles and how they are used vary across the different applications.

    Repeat steps a to c, as needed, to define access according to your needs. Note that you can combine the two methods (specific and global), and can define as many type:value pairs as needed, but you can have only one global setting.

  5. Select Save.
    Access Management returns you to the list of identity providers.
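The matching rule described in step 4 (specific type:value claims plus at most one global setting, each granting a set of applications and roles) can be illustrated in code. This is an added example, not Access Management's own implementation; the application names, roles, claim names and token contents are constructed placeholders, and the token is assumed to have already been validated (signature, issuer, expiry) before its claims are evaluated.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Union

ClaimValue = Union[str, List[str]]  # a token claim may carry one value or a list


@dataclass
class AccessSetting:
    """One row of Access settings: claim (left side) -> applications and roles (right side)."""
    applications: List[str]
    roles: List[str]
    claim_type: Optional[str] = None   # claim_type None means a global setting
    claim_value: Optional[str] = None


def validate_settings(settings: List[AccessSetting]) -> None:
    """Rule from the procedure: any number of type:value pairs, but only one global setting."""
    if sum(1 for s in settings if s.claim_type is None) > 1:
        raise ValueError("only one global access setting is allowed")


def claim_matches(token_claims: Dict[str, ClaimValue], setting: AccessSetting) -> bool:
    """True when the token satisfies this setting's claim requirement."""
    if setting.claim_type is None:
        return True  # global: every successfully authenticated user matches
    present = token_claims.get(setting.claim_type)
    if present is None:
        return False
    values = present if isinstance(present, list) else [present]
    # Exact string comparison here; the real value format depends on the IdP.
    return setting.claim_value in values


def evaluate_access(token_claims: Dict[str, ClaimValue],
                    settings: List[AccessSetting]) -> Dict[str, Set[str]]:
    """Return {application: set(roles)} granted to an already validated token."""
    validate_settings(settings)
    grants: Dict[str, Set[str]] = {}
    for setting in settings:
        if claim_matches(token_claims, setting):
            for app in setting.applications:
                grants.setdefault(app, set()).update(setting.roles)
    return grants


# Constructed sample settings: one global row plus one specific type:value row.
SAMPLE_SETTINGS = [
    AccessSetting(["AppA"], ["Viewer"]),                                   # global
    AccessSetting(["AppA", "AppB"], ["Author"], "groups", "docs-authors"),  # specific
]

if __name__ == "__main__":
    author_token = {"sub": "alice", "groups": ["docs-authors", "staff"]}  # constructed
    print(evaluate_access(author_token, SAMPLE_SETTINGS))
```

A user whose token carries no matching claim still receives the global row's applications and roles, which is why the global setting should be kept to the minimum access every authenticated user should hold.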